Overview

File _patchinfo of Package patchinfo.613

<patchinfo incident="613">
  <issue id="927808" tracker="bnc">VUL-0: CVE-2015-1860: libqt4,qt,qt3: segmentation fault in GIF Qt Image Format Handling</issue>
  <issue id="921999" tracker="bnc">VUL-1: CVE-2015-0295: libqt4,qt:  division by zero when processing malformed BMP files</issue>
  <issue id="927806" tracker="bnc">VUL-0: CVE-2015-1858: libqt4,qt,qt3: segmentation fault in BMP Qt Image Format Handling</issue>
  <issue id="927807" tracker="bnc">VUL-0: CVE-2015-1859: libqt4,qt,qt3: segmentation fault in ICO Qt Image Format Handling</issue>
  <issue id="929688" tracker="bnc">Critical Problem in Qt Network Stack</issue>
  <issue id="847880" tracker="bnc">kde/qt rendering error in qemu cirrus i586</issue>
  <issue id="CVE-2015-1860" tracker="cve" />
  <issue id="CVE-2015-0295" tracker="cve" />
  <issue id="CVE-2015-1859" tracker="cve" />
  <issue id="CVE-2015-1858" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>dirkmueller</packager>
  <description>The libqt4 library was updated to fix several security and non security issues.

The following vulnerabilities were fixed:
- bsc#921999: CVE-2015-0295: division by zero when processing malformed BMP files
- bsc#927806: CVE-2015-1858: segmentation fault in BMP Qt Image Format Handling
- bsc#927807: CVE-2015-1859: segmentation fault in ICO Qt Image Format Handling
- bsc#927808: CVE-2015-1860: segmentation fault in GIF Qt Image Format Handling

The following non-secuirty issues were fixed:
- bsc#929688: Critical Problem in Qt Network Stack
- bsc#847880: kde/qt rendering error in qemu cirrus i586
- Update use-freetype-default.diff to use same method as with
  libqt5-qtbase package: Qt itself already does runtime check
  whether subpixel rendering is available, but only when
  FT_CONFIG_OPTION_SUBPIXEL_RENDERING is defined. Thus it is enough
  to only remove that condition
- The -devel subpackage requires Mesa-devel, not only at build time 
- Fixed compilation on SLE_11_SP3 by making it build against
  Mesa-devel on that system
- Replace patch l-qclipboard_fix_recursive.patch with
  qtcore-4.8.5-qeventdispatcher-recursive.patch. The later one 
  seems to work better and really resolves the issue in LibreOffice
- Added kde4_qt_plugin_path.patch, so kde4 plugins are magically
  found/known outside kde4 enviroment/session
- added _constraints. building took up to 7GB of disk space on
  s390x, and more than 6GB on x86_64 
- Add 3 patches for Qt bugs to make LibreOffice KDE4 file
  picker work properly again:
  * Add glib-honor-ExcludeSocketNotifiers-flag.diff (QTBUG-37380)
  * Add l-qclipboard_fix_recursive.patch (QTBUG-34614)
  * Add l-qclipboard_delay.patch (QTBUG-38585)</description>
  <summary>Security update for libqt4</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places